U.S. Investigates TP-Link Routers Over National Security and Cyberattack Concerns

The U.S. government is intensifying scrutiny of TP-Link routers over growing national security concerns, particularly due to the devices' exploitation in cyberattacks linked to Chinese state actors. As reported by The Wall Street Journal and cited by BleepingComputer and Forbes, federal agencies, including the Departments of Commerce, Defense, and Justice, have launched investigations into TP-Link. This inquiry focuses on potential security vulnerabilities in the company’s routers and pricing strategies that may breach antitrust laws. TP-Link, which commands 65% of the U.S. market for small office and home office (SOHO) routers, has seen rapid growth, with over 300 internet service providers issuing its devices as standard to customers. These routers are widely used in residential networks and have even been identified within government agencies such as the Defense Department, NASA, and the DEA.

Concerns about TP-Link devices stem from a recent Microsoft report, which revealed that a botnet—referred to as Quad7 or CovertNetwork-1658—primarily comprises compromised TP-Link routers. This botnet is leveraged by Chinese threat actors to execute password spray attacks, facilitating broader cyber espionage and ransomware operations. These findings raise alarms about potential backdoors and vulnerabilities within TP-Link devices, which could be exploited for data theft, espionage, or infrastructure disruption. In response to these threats, federal agencies are considering a potential ban on TP-Link products if the investigations confirm security risks. This action would mirror previous bans on Chinese companies like Huawei and ZTE, which were deemed national security threats by the Federal Communications Commission (FCC).

Additionally, TP-Link’s pricing strategies are under investigation by the Justice Department for potentially violating antitrust laws by selling routers below production costs. This practice has enabled TP-Link to dominate the market, with models like the Archer AX21 topping Amazon's best-seller lists. Critics argue that while TP-Link devices are affordable, the company has been slow to address security vulnerabilities, exposing consumers to cyber risks. In response, TP-Link’s U.S. subsidiary expressed its commitment to cooperating with authorities, stating, “We welcome any opportunities to engage with the U.S. government to demonstrate that our security practices are fully in line with industry security standards.” The outcome of these investigations could impact TP-Link’s future in the U.S. market and influence broader policies on the use of foreign technology in critical infrastructure.